Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.

Sending this out on Sunday this week to try something new. This week I was lucky enough to interview Matthew Tamayo, Founder and CEO of Kryptnostic. Matthew left Palantir in 2014 to found Kryptnostic – a tool to facilitate search within encrypted files. Kryptnostic raised $2mm in seed funding several months ago.

Any feedback? Ways that I could make this newsletter more useful? Please let me know. Thanks for for reading!

Your main product is encrypted search in the cloud. What made you realize this was a problem? Why aren’t a lot of other players working to tackle it?

Search is the most basic functionality people expect from their data in the cloud. The ability to search e-mails, documents, and other data stored in the cloud without having to give the cloud plaintext access provides security, privacy, and compliance benefits for enterprises– many of whom are unwilling to even migrate to the cloud.

Could you explain how enterprise users are currently able to interact with files in the cloud and how adding your service on top of a cloud storage provider would add value above the status quo?

Enterprise users either use homegrown systems, Box, DropBox, Huddle, Tresorit, Office 365, or other products to interact with files in the cloud.  Our product is not a end-consumer product. It is a set of SDKs and services that enable developers to build equivalent experiences, without having to maintain full access to their data.

In a blog post, you reference the possibility of a black swan event in security in which a cloud storage provider is hacked and data from millions of customers is stolen. How secure are today’s cloud storage providers like Box and Dropbox?

It’s not a black swan event– the hacks just keep coming Anthem, Premera, Sony, JPM, etc the list goes on. For example, Slack was recently compromised: http://www.wired.com/2015/03/slack-admits-hacked-enables-2-factor-authentication/

If a big bank like JPM, with the effectively unlimited resources for their security team gets hacked– where does that leave other companies who hold valuable data but aren’t focused on security or don’t understand the current nature of cyberthreats?

The News:

Sony employee lawsuit over data breach marks watershed moment

• If Sony’s employees are successful in their attempt to sue the company for negligence, they will set a precedent that will have large implications over how corporations must protect employee data. “Doing nothing” isn’t okay anymore.

Steve Herrod of General Catalyst’s “Commandments for the Speed of Security”

• For a security policy to be effective, it must barely be noticeable. If it creates extra friction for the user, they will find ways to work around it.

The Government Prepares for War in CyberSpace

• In the DoD’s Cyber Strategy Report, the government notes that it has started developing cyber “weapons” such as malware to allow it to go on cyber offense if a situation demands it. The DoD maintains that it’s the responsibility of corporations to protect against threats such as IP theft, but that the government may step in in extreme cases.

The Biggest Takeaways from RSA 2015

• Some interesting highlights from the cybersecurity world’s biggest conference. Apparently companies spend twice as much on cybersecurity services as they do on cybersecurity products.

BVP Partner David Cowan’s RSA Presentation Slides: Security for Startups

• Cowan debunks the notion that just because a company is small, hackers won’t be interested in their data. Use secure coding practices to mitigate malware attacks, use cloud-based services to help avoid DDoS attacks.

Lawmakers skeptical of FBI’s encryption warnings

• Despite the urging of law enforcement, Congress seems reluctant to force companies like Google and Apple to create a “backdoor” for law enforcement to get past encrypted user data.